Rework page about Tor to include warnings and the Tor and HTTPS visual
Lunar

Lunar commited on 2014-05-27 18:04:48
Zeige 3 geänderte Dateien mit 240 Einfügungen und 37 Löschungen.

... ...
@@ -1,37 +0,0 @@
1
-<page xmlns="http://projectmallard.org/1.0/"
2
-      type="topic"
3
-      id="how-tor-works">
4
-
5
-  <info>
6
-    <desc>How Tor works.</desc>
7
-    <link type="guide" xref="index" group="#first"/>
8
-  </info>
9
-
10
-  <title>Tor</title>
11
-  <p>
12
-    Tor is a network of virtual tunnels that allows you to improve your
13
-    privacy and security on the Internet. Tor works by sending your
14
-    traffic through three random servers (also known as <em>relays</em>)
15
-    in the Tor network, before the traffic is sent out onto the public
16
-    Internet
17
-  </p>
18
-  <media type="image" src="media/how-tor-works.png" />
19
-  <p>
20
-    The image above illustrates a user browsing to different websites
21
-    over Tor. The green monitors represent relays in the Tor network,
22
-    while the three keys represent the layers of encryption between the
23
-    user and each relay.
24
-  </p>
25
-  <p>
26
-    Tor will anonymize the origin of your traffic, and it will encrypt
27
-    everything between you and the Tor network. Tor will also encrypt
28
-    your traffic inside the Tor network, but it cannot encrypt your
29
-    traffic between the Tor network and its final destination.
30
-  </p>
31
-  <p>
32
-    If you are communicating sensitive information, for example when
33
-    logging on to a website with a username and password, make sure that
34
-    you are using HTTPS (e.g.  <input><em>https</em>://torproject.org/</input>,
35
-    not <input><em>http</em>://torproject.org/</input>).
36
-  </p>
37
-</page>
... ...
@@ -0,0 +1,228 @@
1
+<page xmlns="http://projectmallard.org/1.0/"
2
+      xmlns:its="http://www.w3.org/2005/11/its"
3
+      xmlns:xi="http://www.w3.org/2001/XInclude"
4
+      type="topic"
5
+      id="tor">
6
+
7
+  <info>
8
+    <link type="guide" xref="index" group="#first"/>
9
+    <desc>Learn what Tor can do to protect your privacy and anonymity.</desc>
10
+  </info>
11
+
12
+  <title>Tor</title>
13
+
14
+  <section id="what-tor-will-do">
15
+    <title>What Tor will do</title>
16
+
17
+    <p>
18
+      The <app its:translate="no">Tor Browser</app> uses the <app
19
+      its:translate="no">Tor</app> network to protect your privacy
20
+      and anonymity. Using the <app its:translate="no">Tor</app> network has two
21
+      main properties:
22
+    </p>
23
+
24
+    <list>
25
+      <item>
26
+        <p>
27
+          The Internet access provider will not be able to learn the sites
28
+          being visited and will not be able to monitor the content of
29
+          the communication.
30
+        </p>
31
+      </item>
32
+      <item>
33
+        <p>
34
+          The sites will see a connection coming from the <app
35
+          its:translate="no">Tor</app> network and will not learn
36
+          the actual Internet connection used to visit them.
37
+        </p>
38
+      </item>
39
+    </list>
40
+
41
+    <p>
42
+      On top of that, the <app its:translate="no">Tor Browser</app> is designed
43
+      to minimize the ability of websites to fingerprint the browser.
44
+    </p>
45
+    <p>
46
+      The Tor Browser does not keep any browsing history. <em>Cookies</em>
47
+      are only valid for a single session: until the <app its:translate="no">Tor
48
+      Browser</app> is exited or a <!-- XXX: add link --><gui>New Identity</gui>
49
+      is requested.
50
+    </p>
51
+
52
+    <!-- XXX: add Tor Browser team/mikeperry about things that are worth
53
+    adding here. -->
54
+  </section>
55
+
56
+  <section id="what-tor-will-not-do">
57
+    <title>What Tor will <em>not</em> do</title>
58
+
59
+    <p>
60
+      <app its:translate="no">Tor</app> and the <app its:translate="no">Tor
61
+      Browser</app> will protect your privacy and anonymity only if used
62
+      appropriately.
63
+    </p>
64
+
65
+    <list>
66
+      <item>
67
+        <p>
68
+          <app its:translate="no">Tor</app> will not encrypt the whole
69
+          communication. What is sent to the <app its:translate="no">Tor</app>
70
+          network is what leaves the <app its:translate="no">Tor</app> network.
71
+          For web browsing, this means that any confidential information
72
+          should be sent using the HTTPS protocol.
73
+          <!-- XXX: add a link to another topic page / document HTTPS Everywhere
74
+          -->
75
+          <!-- XXX: mention hidden services? -->
76
+        </p>
77
+      </item>
78
+      <item>
79
+        <p>
80
+          If you give a website identifying information (e.g. a name, a
81
+          <em>login</em>), you will no longer be an anonymous visitor of this
82
+          website.
83
+        </p>
84
+      </item>
85
+      <item>
86
+        <p>
87
+          If you transfer files, they can contain identifying information in their
88
+          metadata, like the camera serial number.
89
+        </p>
90
+      </item>
91
+      <item>
92
+        <p>
93
+          Only connections made through the <app its:translate="no">Tor
94
+          Browser</app> will go through the <app its:translate="no">Tor</app>
95
+          network. Unless specific steps are taken, other applications on your
96
+          computer will continue to do direct Internet connections and can
97
+          reveal your location.
98
+          <!-- XXX: add topic page on how to deal with external documents? /
99
+          mention Tails? -->
100
+        </p>
101
+      </item>
102
+    </list>
103
+
104
+    <p>
105
+      If loosing control over some information might have problematic
106
+      consequences, it is sometimes better to leave it off computers entirely.
107
+    </p>
108
+  </section>
109
+
110
+  <section id="how-tor-works">
111
+    <title>How Tor works</title>
112
+
113
+    <p>
114
+      Tor is a network of virtual tunnels that allows you to improve your
115
+      privacy and security on the Internet. Tor works by sending your
116
+      traffic through three random servers (also known as <em>relays</em>)
117
+      in the Tor network, before the traffic is sent out onto the public
118
+      Internet
119
+    </p>
120
+    <media type="image" src="media/how-tor-works.png" />
121
+    <p>
122
+      The image above illustrates a user browsing to different websites
123
+      over Tor. The green monitors represent relays in the Tor network,
124
+      while the three keys represent the layers of encryption between the
125
+      user and each relay.
126
+    </p>
127
+  </section>
128
+
129
+  <section id="tor-and-https">
130
+    <title>Tor and HTTPS</title>
131
+
132
+    <p>
133
+      The following visualization helps understanding what data are visible to
134
+      eavesdroppers with or without the <app its:translate="no">Tor Browser</app>
135
+      and when encrypted connections (HTTPS) or not:
136
+    </p>
137
+
138
+    <xi:include href="media/tor-and-https.svg" />
139
+
140
+    <list>
141
+      <item>
142
+        <p>
143
+          Click the <gui>Tor</gui> button to see what data is visible to
144
+          eavesdroppers when you're using Tor. The button will turn green to
145
+          indicate that Tor is on.
146
+        </p>
147
+      </item>
148
+      <item>
149
+        <p>
150
+          Click the <gui>HTTPS</gui> button to see what data is visible to
151
+          eavesdroppers when you're using HTTPS. The button will turn green to
152
+          indicate that HTTPS is on.
153
+        </p>
154
+      </item>
155
+      <item>
156
+        <p>
157
+          When both buttons are green, you see the data that is visible to
158
+          eavesdroppers when you are using both tools.
159
+        </p>
160
+      </item>
161
+      <item>
162
+        <p>
163
+          When both buttons are grey, you see the data that is visible
164
+          to eavesdroppers when you don't use either tool.
165
+        </p>
166
+      </item>
167
+    </list>
168
+    <terms>
169
+      <title>Potentially visible data</title>
170
+      <item>
171
+        <title its:translate="no">
172
+          <xi:include href="media/tor-and-https.svg" parse="xml"
173
+                      xpointer="xpointer(//*[@id='string-site']/text())">
174
+             <xi:fallback>site.com</xi:fallback>
175
+          </xi:include>
176
+        </title>
177
+        <p>
178
+          The site being visited.
179
+        </p>
180
+      </item>
181
+      <item>
182
+        <title its:translate="no">
183
+          <xi:include href="media/tor-and-https.svg" parse="xml"
184
+                      xpointer="xpointer(//*[@id='string-login']/text())">
185
+            <xi:fallback>user / pw</xi:fallback>
186
+          </xi:include>
187
+        </title>
188
+        <p>
189
+          Username and password used for authentication.
190
+        </p>
191
+      </item>
192
+      <item>
193
+        <title its:translate="no">
194
+          <xi:include href="media/tor-and-https.svg" parse="xml"
195
+                      xpointer="xpointer(//*[@id='string-data']/text())">
196
+            <xi:fallback>data</xi:fallback>-->
197
+          </xi:include>
198
+        </title>
199
+        <p>
200
+          Data being transmited.
201
+        </p>
202
+      </item>
203
+      <item>
204
+        <title its:translate="no">
205
+          <xi:include href="media/tor-and-https.svg" parse="xml"
206
+                      xpointer="xpointer(//*[@id='string-location']/text())">
207
+            <xi:fallback>location</xi:fallback>
208
+          </xi:include>
209
+        </title>
210
+        <p>
211
+          Network location of the computer used to visit the website (the public
212
+          IP address).
213
+        </p>
214
+      </item>
215
+      <item>
216
+        <title its:translate="no">
217
+          <xi:include href="media/tor-and-https.svg" parse="xml"
218
+                      xpointer="xpointer(//*[@id='string-tor']/text())">
219
+            <xi:fallback>Tor</xi:fallback>
220
+          </xi:include>
221
+        </title>
222
+        <p>
223
+         Whether or not Tor is being used.
224
+        </p>
225
+      </item>
226
+    </terms>
227
+  </section>
228
+</page>
... ...
@@ -2,6 +2,9 @@
2 2
 
3 3
 # XXX: turn into ./configure option
4 4
 MAL2LATEX = ../mal2latex
5
+# XXX: turn into ./configure option
6
+TOR_AND_HTTPS = ../tor-and-https
7
+
5 8
 HELP_ID = tor-browser-user-manual
6 9
 HELP_FILES = $(shell cd C && git ls-files '*.page')
7 10
 HELP_MEDIA = $(shell cd C && git ls-files 'media')
... ...
@@ -47,6 +50,15 @@ media-symlinks.stamp: all
47 50
 		done
48 51
 	touch media-symlinks.stamp
49 52
 
53
+.PHONY: update-tor-and-https
54
+update-tor-and-https:
55
+	set -e && \
56
+		for lc in C $(HELP_LINGUAS); do \
57
+			find $(TOR_AND_HTTPS) \
58
+				-wholename "*/$$(echo $$lc | sed -e 's/^\([^_-]*\).*/\1/')*/tor-and-https.svg" \
59
+				-exec cp {} $$lc/media ';'; \
60
+		done
61
+
50 62
 clean:
51 63
 	set -e && \
52 64
 		for lc in C $(HELP_LINGUAS); do \
53 65